feat(detector/vuls2): SUSE by vuls2

Author: shino

detector/detector.go

@@ -322,11 +322,12 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf, vuls2Conf config.Vuls2Conf, logOpts logging.LogOpts, noProgress bool) error {
 	if isPkgCvesDetactable(r) {
 		switch r.Family {
-		case constant.RedHat, constant.CentOS, constant.Fedora, constant.Alma, constant.Rocky, constant.Oracle, constant.Alpine, constant.Ubuntu:
+		case constant.RedHat, constant.CentOS, constant.Fedora, constant.Alma, constant.Rocky, constant.Oracle, constant.Alpine, constant.Ubuntu,
+			constant.OpenSUSE, constant.OpenSUSELeap, constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
 			if err := vuls2.Detect(r, vuls2Conf, noProgress); err != nil {
 				return xerrors.Errorf("Failed to detect CVE with Vuls2: %w", err)
 			}
-		case constant.Amazon, constant.OpenSUSE, constant.OpenSUSELeap, constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
+		case constant.Amazon:
 			if err := detectPkgsCvesWithOval(ovalCnf, r, logOpts); err != nil {
 				return xerrors.Errorf("Failed to detect CVE with OVAL: %w", err)
 			}

detector/vuls2/vendor.go

@@ -462,6 +462,13 @@ func advisoryReference(e ecosystemTypes.Ecosystem, s sourceTypes.SourceID, da mo
 			Source: "UBUNTU",
 			RefID:  da.AdvisoryID,
 		}, nil
+	case ecosystemTypes.EcosystemTypeOpenSUSE, ecosystemTypes.EcosystemTypeOpenSUSELeap, ecosystemTypes.EcosystemTypeOpenSUSELeapMicro, ecosystemTypes.EcosystemTypeOpenSUSETumbleweed,
+		ecosystemTypes.EcosystemTypeSUSEEnterpriseServer, ecosystemTypes.EcosystemTypeSUSEEnterpriseDesktop, ecosystemTypes.EcosystemTypeSUSEEnterpriseMicro:
+		return models.Reference{
+			Link:   fmt.Sprintf("https://www.suse.com/security/cve/%s.html", da.AdvisoryID),
+			Source: "SUSE",
+			RefID:  da.AdvisoryID,
+		}, nil
 	default:
 		return models.Reference{}, xerrors.Errorf("unsupported family: %s", et)
 	}

detector/vuls2/vuls2.go

@@ -19,6 +19,7 @@ import (
 	criteriaTypes "github.com/MaineK00n/vuls-data-update/pkg/extract/types/data/detection/condition/criteria"
 	criterionTypes "github.com/MaineK00n/vuls-data-update/pkg/extract/types/data/detection/condition/criteria/criterion"
 	vcAffectedRangeTypes "github.com/MaineK00n/vuls-data-update/pkg/extract/types/data/detection/condition/criteria/criterion/versioncriterion/affected/range"
+	"github.com/MaineK00n/vuls-data-update/pkg/extract/types/data/detection/condition/criteria/criterion/versioncriterion/fixstatus"
 	vcPackageTypes "github.com/MaineK00n/vuls-data-update/pkg/extract/types/data/detection/condition/criteria/criterion/versioncriterion/package"
 	segmentTypes "github.com/MaineK00n/vuls-data-update/pkg/extract/types/data/detection/segment"
 	ecosystemTypes "github.com/MaineK00n/vuls-data-update/pkg/extract/types/data/detection/segment/ecosystem"
@@ -34,6 +35,7 @@ import (
 	"github.com/MaineK00n/vuls2/pkg/version"
 
 	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/constant"
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 )
@@ -121,10 +123,18 @@ func preConvert(sr *models.ScanResult) scanTypes.ScanResult {
 		pkgs[p.Name] = base
 	}
 
+	family := func() string {
+		switch sr.Family {
+		case constant.OpenSUSE, constant.OpenSUSELeap, constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
+			return strings.ReplaceAll(sr.Family, ".", "-")
+		default:
+			return sr.Family
+		}
+	}()
 	return scanTypes.ScanResult{
 		JSONVersion: 0,
 		ServerName:  sr.ServerName,
-		Family:      ecosystemTypes.Ecosystem(sr.Family),
+		Family:      ecosystemTypes.Ecosystem(family),
 		Release:     sr.Release,
 
 		Kernel: scanTypes.Kernel{
@@ -159,7 +169,7 @@ func detect(dbc db.DB, sr scanTypes.ScanResult) (detectTypes.DetectResult, error
 	}
 
 	for rootID, base := range detected {
-		for d, err := range dbc.GetVulnerabilityData(dbTypes.SearchRoot, string(rootID)) {
+		for d, err := range dbc.GetVulnerabilityData(dbTypes.SearchRoot, dbTypes.Predicate{RootID: &rootID}, string(rootID)) {
 			if err != nil {
 				return detectTypes.DetectResult{}, xerrors.Errorf("Failed to get vulnerability data. RootID: %s, err: %w", rootID, err)
 			}
@@ -475,6 +485,10 @@ func walkCriteria(e ecosystemTypes.Ecosystem, sourceID sourceTypes.SourceID, ca
 
 		switch fcn.Criterion.Version.Package.Type {
 		case vcPackageTypes.PackageTypeBinary, vcPackageTypes.PackageTypeSource:
+			if !cn.Criterion.Version.Vulnerable {
+				continue
+			}
+
 			rangeType, fixedIn := func() (vcAffectedRangeTypes.RangeType, string) {
 				if fcn.Criterion.Version.Affected == nil {
 					return vcAffectedRangeTypes.RangeTypeUnknown, ""
@@ -494,10 +508,21 @@ func walkCriteria(e ecosystemTypes.Ecosystem, sourceID sourceTypes.SourceID, ca
 							if fcn.Criterion.Version.FixStatus == nil {
 								return ""
 							}
-							return fixState(e, sourceID, fcn.Criterion.Version.FixStatus.Vendor)
+							if s := fixState(e, sourceID, fcn.Criterion.Version.FixStatus.Vendor); s != "" {
+								return s
+							}
+							if fcn.Criterion.Version.FixStatus.Class == fixstatus.ClassUnknown {
+								return "Unknown"
+							}
+							return ""
+						}(),
+						FixedIn: fixedIn,
+						NotFixedYet: func() bool {
+							if cn.Criterion.Version.FixStatus == nil {
+								return true
+							}
+							return cn.Criterion.Version.FixStatus.Class != fixstatus.ClassFixed
 						}(),
-						FixedIn:     fixedIn,
-						NotFixedYet: fixedIn == "",
 					},
 				})
 			}

go.mod

@@ -398,3 +398,7 @@ require (
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
 	sigs.k8s.io/yaml v1.6.0 // indirect
 )
+
+replace github.com/MaineK00n/vuls-data-update => ../vuls-data-update
+
+replace github.com/MaineK00n/vuls2 => ../vuls2

go.sum

@@ -67,10 +67,6 @@ github.com/MaineK00n/go-cisco-version v0.0.0-20250826032808-615a945b63f4 h1:2eG8
 github.com/MaineK00n/go-cisco-version v0.0.0-20250826032808-615a945b63f4/go.mod h1:x/MwTByToVra1edsHGAGR+t1NsIiY1/PBa6B3hz3nDA=
 github.com/MaineK00n/go-paloalto-version v0.0.0-20250826032740-c5203b6ee7d0 h1:qJq5Xlidm16U9EWjuQun7ZeDhj+W6gHBZyE5iX4BcQE=
 github.com/MaineK00n/go-paloalto-version v0.0.0-20250826032740-c5203b6ee7d0/go.mod h1:ELOxzfAd4oAe4niMmoZlSiJwzf1DF+DjNdjsUcuqAR8=
-github.com/MaineK00n/vuls-data-update v0.0.0-20251119040922-d7602a3c6123 h1:X6m8W8HN7ROj7/Il6+OoNtf2bB3o2mbRX5NL50rHiJ4=
-github.com/MaineK00n/vuls-data-update v0.0.0-20251119040922-d7602a3c6123/go.mod h1:PPnHKRINm9EpZ/HRwKD366yMeEcZGhTfuWxS96BMWcc=
-github.com/MaineK00n/vuls2 v0.0.1-alpha.0.20251120024419-59d504def6ec h1:7PdphOIerzLLOWKm1cB8DsTKW9v/u/NJ6kN4L9Af4Uo=
-github.com/MaineK00n/vuls2 v0.0.1-alpha.0.20251120024419-59d504def6ec/go.mod h1:thvg/lSv2QqzxI1ipYY1qZEjZsZ6cFU49aczHWX8LK4=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=